i lost the logs but if i remembered it right, every file on the check list was allegedly changed "checksum change" etc. i just read a thread from "pin" and the case was similar to mine. if ever i got a malicious prog running up my sys that can't be detected by norton or spybot can it be the culprit on changing those files' checksums or what? i have this suspicious prog occasionally trying to connect to the internet, i can't read the properties, and can't determine the location with zonealarm pro. it says it is not a valid file. can't figure it out. i had the suspicion that i got from sygate's site "test your firewall" feature... i think, i am not sure tho. just try out sygate and have your firewalls tested.
ah.. if ever i got checksum changes. what to do?

Sorry to keep you exposed like that.
Feel free to delete the list if you want. No malware in there.
I'm not familiar with the Netscape home- and search-pages, but I guess you would have mentioned it if they were different from what you wanted.
Your startups are short and sweet (AV + firewall)
This one looks a bit awkward:
O4 - Startup: YahooPOPs.lnk = ?
File missing?
Did you check your Event logs if there were any mentionable errors just before FileChecker alerted you?

quoting: wyx
if ever i got checksum changes. what to do?

FileChecker is just a file "watcher" - it currently doesn't offer the option to replace changed/altered files with known clean backup copies.

If something does happen, you should probably scan your system with an up to date anti-virus program, and look for any unusual changes. You can also report it here (with a copy of your FileChecker log, hopefully) and I can take a look at it, assuming time permits.

if some of the files that were said changed were windows system files, then it may be a good idea to get a second opinion from MSINFO32's file verification util; it will let you know if your system files have been altered. another way is to open a command (CMD) window and type in sfc /scannow. this will search your system files and replace ones that may be damaged or missing. can't hurt!

I'll make now some more general remarks about what you could call "file-integrity-checkers".
These are programs that will give you an alarm in case a file is changed.
To be able to do that, that file has to be in the database of your "file-integrity-checker".

A file might have been changed by some program-upgrade which you did by yourself.
It could also have been caused by some "nasty".

A "file-integrity-checker" gives you only the alert that a file has been changed.
It's up to the user, you, to determine whether it was a "legal" change or not.

In case you are not certain what has caused that change, it is highly recommended to run a full system scan with your AV, AT, anti-spyware-program.

To make it a bit easier for yourself, it is advised to save your logs of your "file-integrity-checker"; assuming that it gives you that option.
It is also recommended to keep yourself somehow informed about your latest upgrades/updates/downloads.

I myself use several "file-integrity-checkers".
I run them very frequently.
Some "file-integrity-checkers" are able to give you more or less real-time information about changes (that also depends on the OS you are running)
Other "file-integrity-checkers" do that only on-demand: you have to start them manually somehow.

Now an example of a mistake by myself:
I upgraded/updated more than one program.
My "file-integrity-checker" gave me an alert about a file-change.
That "file-integrity-checker" was used on-demand.
It was very difficult, if not impossible, to determine which of those upgrades/updates caused this.

I hope this gave some more general info.
I'm sure that Javacool, Joseph, and others can give you more info.
(PS: you could also have a look at the guidelines for NISFileCheck at the special forum-section at this board. It might give you a bit more in depth info. But please keep in mind that FileChecker from Javacool is more or less a real-time "file-integrity-checker" while NISFileCheck runs only on-demand).

I thought that was a pretty good summarization, as it stands! R2, over at DSLR Security Forum was just asking about javacool's program a few days ago. A few comments in line (these are off the top of me head as I'm still in the UK at the moment).

quoting: FanJ
. . . . A file might have been changed by some program-upgrade which you did by yourself.
It could also have been caused by some "nasty".

A "file-integrity-checker" gives you only the alert that a file has been changed. It's up to the user, you, to determine whether it was a "legal" change or not. (emphasis added)

Yes, this is the critical point. A simple file integrity checking utility simply identifies if a file scanned has changed (assuming it was in the database in the first place). It does not attempt to determine whether the change is 'normal' (as might be the case if one were to check .doc files which have been modified by the user, for instance), whether it is the result of some application update, whether it is a possible case of file corruption, or whether it's the consequence of some malware tampering with the file in question. That requires some further investigation on the user's part, as you suggest below.

In case you are not certain what has caused that change, it is highly recommended to run a full system scan with your AV, AT, anti-spyware-program.

Yep. If reasonably competent AV, AT, anti-spyware, or anti-keylogger utilities (all recently updated, of course) find nothing, it's likely (but certainly not guaranteed) that whatever is responsible for the change is not malware. An initialization file for an application, for example, could be changed simply because you'd modified some settings for the application. An update to the application is almost invariably going to change some files. If neither of these rings a bell with the end-user, then there's always the bogeyman of some sort of file corruption glitch being caused by the machine itself.

Various file integrity checking utilities work on the basis of one or more intrinsic file properties. File Size, File Date Last Modified, File Version (for most executable files), and some sort of file checksum (which can be anything from a simple CRC-32 to something as exotic as RIPEMD320) are the most likely parameters to be checked; and the file checksum is the most definitive parameter.

. . . . I myself use several "file-integrity-checkers".
I run them very frequently.
Some "file-integrity-checkers" are able to give you more or less real-time information about changes (that also depends on the OS you are running)
Other "file-integrity-checkers" do that only on-demand: you have to start them manually somehow.

That's another good point. The "on-demand" checkers are good for circumstances in which one prefers to screen a large number of files for modifications relatively quickly. Often this can be done by scheduling the scan for some time when you are unlikely to be using the machine. On slower machines, trying to do the same thing with a "real-time" checker can involve large overhead.

On the other hand, if the goal is being notified immediately when a particular file (or a small number of selected files) has been changed (and possibly finding out what changed it), then the real-time scanners beat the "on-demand" scanners hands down. But it's crucial not to do "real-time" monitoring on too many files concurrently. Albert's File Change Alarm makes this point quite well for a Win 2000 Pro or Win XP machine -- the end-user is literally swamped with a never-ending series of alerts.
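
Added example, not part of the original posts and not the code of FileChecker or NISFileCheck: an on-demand check in Python over the properties named above (size, last-modified time, checksum) that reports which property changed for each file, including a file whose size and timestamp are unchanged but whose contents differ. The function names, file names and the choice of SHA-256 are assumptions; the sample files are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """Record size, mtime and SHA-256 per file: the checker's baseline database."""
    db = {}
    for p in paths:
        st = os.stat(p)
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        db[p] = {"size": st.st_size, "mtime": st.st_mtime_ns, "sha256": digest}
    return db

def compare(baseline, current):
    """Return {path: [changed properties]}; a file can only be judged if it was in the baseline."""
    report = {}
    for p, now in current.items():
        old = baseline.get(p)
        if old is None:
            report[p] = ["untracked"]
            continue
        diffs = [k for k in ("size", "mtime", "sha256") if old[k] != now[k]]
        if diffs:
            report[p] = diffs
    for p in baseline.keys() - current.keys():
        report[p] = ["missing"]
    return report

def demo():
    """Constructed sample: one settings edit, one same-size change with its timestamp put back."""
    d = tempfile.mkdtemp()
    files = {n: os.path.join(d, n) for n in ("app.ini", "tool.exe", "readme.txt")}
    for n, p in files.items():
        with open(p, "wb") as f:
            f.write(b"original content of " + n.encode())
    base = snapshot(files.values())
    # Ordinary change: a settings edit that grows the file.
    with open(files["app.ini"], "ab") as f:
        f.write(b"\nnew=1")
    # Same-length overwrite with the old timestamp restored: size and date look untouched.
    st = os.stat(files["tool.exe"])
    with open(files["tool.exe"], "r+b") as f:
        f.write(b"ORIGINAL")
    os.utime(files["tool.exe"], ns=(st.st_atime_ns, st.st_mtime_ns))
    result = compare(base, snapshot(files.values()))
    return {os.path.basename(p): v for p, v in result.items()}

if __name__ == "__main__":
    for name, changed in sorted(demo().items()):
        print(name, "changed:", ", ".join(changed))
```

Saving each report alongside a note of what was installed or updated since the previous run is what makes a later alert attributable to a specific change.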